ComponentSpace

Forums



An exception occured: No partner identity providers have been configured.


An exception occured: No partner identity providers have been...

Author
Message
chshahidkhan
chshahidkhan
New Member
New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)

Group: Awaiting Activation
Posts: 13, Visits: 81
Hi, 
Trying to help one customer to setup federated  authentication using OKTA but getting this error in the service provider log: 
10:07:28,306 LOGIN  FEDERATED SECURITY 'UseFederatedAuthentication' setting is enabled. Automatically redirecting to configured identity provider. See saml configuration file for more information.
10:07:28,306 LOGOUT  FEDERATED SECURITY An exception occured: No partner identity providers have been configured.

When we surf the site, it never redirects to Identity provider. 

Any help would be appreciated. 

Thanks. 
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
The "No partner identity providers have been configured" error means there are no <PartnerIdentityProvider> entries in your saml.config.
You'll find information of integration with Okta at:
https://www.componentspace.com/Forums/5439/Okta-Integration
I've copied our example configuration below.
You need a similar configuration entry in your saml.config but specific to your environment.

<PartnerIdentityProvider Name="http://www.okta.com/exk89rwwiahjnDQiv0h7"
Description="Okta"
SignAuthnRequest="true"
SignLogoutRequest="true"
SignLogoutResponse="true"
WantSAMLResponseSigned="true"
WantLogoutRequestSigned="true"
WantLogoutResponseSigned="true"
SingleSignOnServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SingleSignOnServiceUrl="https://componentspace.oktapreview.com/app/componentspacedev527539_exampleserviceprovider_3/exk89rwwiahjnDQiv0h7/sso/saml"
SingleLogoutServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SingleLogoutServiceUrl="https://componentspace.oktapreview.com/app/componentspacedev527539_exampleserviceprovider_3/exk89rwwiahjnDQiv0h7/slo/saml"
PartnerCertificateFile="Certificates\okta.cer"/>




Regards
ComponentSpace Development
chshahidkhan
chshahidkhan
New Member
New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)

Group: Awaiting Activation
Posts: 13, Visits: 81
ComponentSpace - 9/4/2018
The "No partner identity providers have been configured" error means there are no <PartnerIdentityProvider> entries in your saml.config.
You'll find information of integration with Okta at:
https://www.componentspace.com/Forums/5439/Okta-Integration
I've copied our example configuration below.
You need a similar configuration entry in your saml.config but specific to your environment.

<PartnerIdentityProvider Name="http://www.okta.com/exk89rwwiahjnDQiv0h7"
Description="Okta"
SignAuthnRequest="true"
SignLogoutRequest="true"
SignLogoutResponse="true"
WantSAMLResponseSigned="true"
WantLogoutRequestSigned="true"
WantLogoutResponseSigned="true"
SingleSignOnServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SingleSignOnServiceUrl="https://componentspace.oktapreview.com/app/componentspacedev527539_exampleserviceprovider_3/exk89rwwiahjnDQiv0h7/sso/saml"
SingleLogoutServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SingleLogoutServiceUrl="https://componentspace.oktapreview.com/app/componentspacedev527539_exampleserviceprovider_3/exk89rwwiahjnDQiv0h7/slo/saml"
PartnerCertificateFile="Certificates\okta.cer"/>



Thanks for the answer. Now i am getting this error: 
14:33:59,919 LOGIN  FEDERATED SECURITY 'UseFederatedAuthentication' setting is enabled. Automatically redirecting to configured identity provider. See saml configuration file for more information.
14:33:59,919 LOGOUT  FEDERATED SECURITY An exception occured: Failed to generate signature

It never shows me the OKTA login screen at all. I have verified that the NetWorkService (application pool user) has read access to the certificate in use. 

Any thoughts on this ?

Thanks. 



ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
It looks like there's an issue generating the signature for the SAML authn request being sent to Okta.
There are a number of possible reasons for the failure. A full log should provide more details.
Please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace


Regards
ComponentSpace Development
chshahidkhan
chshahidkhan
New Member
New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)

Group: Awaiting Activation
Posts: 13, Visits: 81
ComponentSpace - 9/5/2018
It looks like there's an issue generating the signature for the SAML authn request being sent to Okta.
There are a number of possible reasons for the failure. A full log should provide more details.
Please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.
https://www.componentspace.com/Forums/17/Enabing-SAML-Trace

Thanks for your reply. 
Found the issue with the certificate (thanks to SAMLtrace) the CSP was different (Microsoft RSA SChannel Cryptographic Provider) than the supported ones. Followed the guide and associated the correct CSP to the cert. 
Now, the next problem is, when surfing the site (service provider), it never redirects to the IdentityProvider in this case OKTA. 

No more errors in the SAML trace

ComponentSpace.SAML2 Verbose: 0 : 6776/6: 05/09/2018 16:29:22: Initiating SSO to the partner identity provider.
ComponentSpace.SAML2 Verbose: 0 : 6776/6: 05/09/2018 16:29:22: Service provider session (xxxxxxxxxxxxxx) state:
ComponentSpace.SAML2 Verbose: 0 : 6776/6: 05/09/2018 16:29:22: An assertion consumer service URL hasn't been configured and won't be included in the authn request.
ComponentSpace.SAML2 Verbose: 0 : 6776/6: 05/09/2018 16:29:22: SAML message constructed: partner provider=http://www.okta.com/exk1z59kczQi8rC150i7, SAML message=<samlp:AuthnRequest ID="_06668914-eb7c-4c71-83cc-9bc21aa0718c" Version="2.0" IssueInstant="2018-09-05T15:29:22.112Z" Destination="https://oktsite/app/xxxx/exk1z59kczQi8rC150i7/sso/saml" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://site.com</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>.
ComponentSpace.SAML2 Verbose: 0 : 6776/6: 05/09/2018 16:29:22: SAML message ready to send: partner provider=http://www.okta.com/exk1z59kczQi8rC150i7, SAML message=<samlp:AuthnRequest ID="_06668914-eb7c-4c71-83cc-9bc21aa0718c" Version="2.0" IssueInstant="2018-09-05T15:29:22.112Z" Destination="https://oktasite/app/xxxxx/exk1z59kczQi8rC150i7/sso/saml" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://site.com</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>, destination URL=https://oktasite.com/app/xxxxxxx/exk1z59kczQi8rC150i7/sso/saml.
ComponentSpace.SAML2 Verbose: 0 : 6776/6: 05/09/2018 16:29:22: Retrieving the local service provider signature certificates for the default configuration and partner identity provider http://www.okta.com/exk1z59kczQi8rC150i7.
ComponentSpace.SAML2 Verbose: 0 : 6776/6: 05/09/2018 16:29:22: The X.509 certificate with subject name CN=*.cert, OU=Domain Control Validated and serial number xxxxx has been retrieved from the cache.


Any thoughts on it +

Thanks
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
The log shows SSO is being initiated to Okta with a SAML authn request being sent.
If you're not being redirected to Okta, I suspect either there's some HTML markup or code in your application which is circumventing the sending of the authn request.
Please ensure you don't perform any redirects etc in your code after calling SAMLServiceProvider.InitiateSSO.
If there's still an issue, please include a section of your code where you call SAMLServiceProvider.InitiateSSO.

Regards
ComponentSpace Development
chshahidkhan
chshahidkhan
New Member
New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)

Group: Awaiting Activation
Posts: 13, Visits: 81
ComponentSpace - 9/7/2018
The log shows SSO is being initiated to Okta with a SAML authn request being sent.
If you're not being redirected to Okta, I suspect either there's some HTML markup or code in your application which is circumventing the sending of the authn request.
Please ensure you don't perform any redirects etc in your code after calling SAMLServiceProvider.InitiateSSO.
If there's still an issue, please include a section of your code where you call SAMLServiceProvider.InitiateSSO.

Thanks for your reply. 
I don't see any issue within our code since the same code works for all other IDP's and even if I send the un-secure request by for setting following to false, we do see the okta login screen and it works:

<Profiles> 
<PartnerIdentityProvider Name="http://www.okta.com/exk89rwwiahjnDQiv0h7" 
SignAuthnRequest="false" 
SignLogoutRequest="false" 
SignLogoutResponse="false" 

And one more thing, when I got the above error "An exception occurred : Failed to generate signature" then we saw the following in saml trace:

ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Initializing the SAML environment.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: The default SAML configuration has been loaded.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: The local service provider is https://customersite.com.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: The partner identity provider is http://www.okta.com/exk1z59kczQi8rC150i7.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: The SAML environment has been successfuly initialized.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Initiating SSO to the partner identity provider.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Service provider session (y03noyqycovttto54bwxu5a4) state:
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: An assertion consumer service URL hasn't been configured and won't be included in the authn request.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: SAML message constructed: partner provider=http://www.okta.com/exk1z59kczQi8rC150i7, SAML message=<samlp:AuthnRequest ID="_6a647cf4-db9a-4ac5-ba1a-78e23936813e" Version="2.0" IssueInstant="2018-09-05T13:48:17.687Z" Destination="https://xxxxxxxxx/exk1z59kczQi8rC150i7/sso/saml" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://customersite.com</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: SAML message ready to send: partner provider=http://www.okta.com/exk1z59kczQi8rC150i7, SAML message=<samlp:AuthnRequest ID="_6a647cf4-db9a-4ac5-ba1a-78e23936813e" Version="2.0" IssueInstant="2018-09-05T13:48:17.687Z" Destination="https://xxxxxx/exk1z59kczQi8rC150i7/sso/saml" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://customersite.comk</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>, destination URL=https://xxxxxxxx/exk1z59kczQi8rC150i7/sso/saml.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Retrieving the local service provider signature certificates for the default configuration and partner identity provider http://www.okta.com/exk1z59kczQi8rC150i7.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Searching the X.509 store LocalMachine for the certificate with find type: FindByThumbprint and find value: 3612C5178066B8840EA31B2093AE24114B8BCC61.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: The X.509 certificate with subject name CN=*.cert, OU=Domain Control Validated and serial number xxxxx has been loaded.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: The X.509 certificate with subject name CN=*.cert, OU=Domain Control Validated and serial number xxxxx has been cached.
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Sending request over HTTP Redirect, baseURL=https://xxxxxxxxx/exk1z59kczQi8rC150i7/sso/saml, samlMessage=<samlp:AuthnRequest ID="_6a647cf4-db9a-4ac5-ba1a-78e23936813e" Version="2.0" IssueInstant="2018-09-05T13:48:17.687Z" Destination="https://xxxxxxxxx/exk1z59kczQi8rC150i7/sso/saml" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://customersite.com</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>, relayState=
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Creating HTTP redirect query string
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Encoding SAML message: <samlp:AuthnRequest ID="_6a647cf4-db9a-4ac5-ba1a-78e23936813e" Version="2.0" IssueInstant="2018-09-05T13:48:17.687Z" Destination="https://xxxxxxxx/exk1z59kczQi8rC150i7/sso/saml" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://customersite.com</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Encoded SAML message: fZJLT8MwEIT/SuS7k7ivpFZbqVAhKvEIUHHgUm3dLbWa2MHr0MevJ0kRKge4jnd2dj55RFDkpZxWfmue8aNC8sF8NmbLAQx6idr0+Ho1BN4D1ecrEMCTFDvdYXeQii6y4BUdaWvGrBPGLJgTVTg35MH4WopFyuMhj/sL0ZW9VIokHKTJGwtmdYo24Fvn1vuSZBQZPHBtPDoDeWh3HjgWCKGyRQRl2Ty/O1uVy9XRI5Gx+6WI8LATp/5wp05POnXXoh/rJCKyUdOKBTfWKWyrjdkGcsLmxAyI9Cf+KJmz3iqbX2mz1uZ9zCpnpAXSJA0USNIr+TK9v5N1Rbk6D5G8XSwynj2+LFhwKHJDsuX4v7n8TmKTUTMtW1zuwv+/vb4bXcOMTS6ZQUFhy6RGFVa7UXSx+xxUyod62XyW2VyrY0OlAP93lghFq+g137SjsjJUotIbjWsWTPPc7q8dgq8ZelfVCKPJOfX3P5p8AQ==
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Query string: SAMLRequest=fZJLT8MwEIT%2FSuS7k7ivpFZbqVAhKvEIUHHgUm3dLbWa2MHr0MevJ0kRKge4jnd2dj55RFDkpZxWfmue8aNC8sF8NmbLAQx6idr0%2BHo1BN4D1ecrEMCTFDvdYXeQii6y4BUdaWvGrBPGLJgTVTg35MH4WopFyuMhj%2FsL0ZW9VIokHKTJGwtmdYo24Fvn1vuSZBQZPHBtPDoDeWh3HjgWCKGyRQRl2Ty%2FO1uVy9XRI5Gx%2B6WI8LATp%2F5wp05POnXXoh%2FrJCKyUdOKBTfWKWyrjdkGcsLmxAyI9Cf%2BKJmz3iqbX2mz1uZ9zCpnpAXSJA0USNIr%2BTK9v5N1Rbk6D5G8XSwynj2%2BLFhwKHJDsuX4v7n8TmKTUTMtW1zuwv%2B%2Fvb4bXcOMTS6ZQUFhy6RGFVa7UXSx%2BxxUyod62XyW2VyrY0OlAP93lghFq%2Bg137SjsjJUotIbjWsWTPPc7q8dgq8ZelfVCKPJOfX3P5p8AQ%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Generating signature
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Data to sign: 53 41 4d 4c 52 65 71 75 65 73 74 3d 66 5a 4a 4c 54 38 4d 77 45 49 54 25 32 46 53 75 53 37 6b 37 69 76 70 46 5a 62 71 56 41 68 4b 76 45 49 55 48 48 67 55 6d 33 64 4c 62 57 61 32 4d 48 72 30 4d 65 76 4a 30 6b 52 4b 67 65 34 6a 6e 64 32 64 6a 35 35 52 46 44 6b 70 5a 78 57 66 6d 75 65 38 61 4e 43 38 73 46 38 4e 6d 62 4c 41 51 78 36 69 64 72 30 25 32 42 48 6f 31 42 4e 34 44 31 65 63 72 45 4d 43 54 46 44 76 64 59 58 65 51 69 69 36 79 34 42 55 64 61 57 76 47 72 42 50 47 4c 4a 67 54 56 54 67 33 35 4d 48 34 57 6f 70 46 79 75 4d 68 6a 25 32 46 73 4c 30 5a 57 39 56 49 6f 6b 48 4b 54 4a 47 77 74 6d 64 59 6f 32 34 46 76 6e 31 76 75 53 5a 42 51 5a 50 48 42 74 50 44 6f 44 65 57 68 33 48 6a 67 57 43 4b 47 79 52 51 52 6c 32 54 79 25 32 46 4f 31 75 56 79 39 58 52 49 35 47 78 25 32 42 36 57 49 38 4c 41 54 70 25 32 46 35 77 70 30 35 50 4f 6e 58 58 6f 68 25 32 46 72 4a 43 4b 79 55 64 4f 4b 42 54 66 57 4b 57 79 72 6a 64 6b 47 63 73 4c 6d 78 41 79 49 39 43 66 25 32 42 4b 4a 6d 7a 33 69 71 62 58 32 6d 7a 31 75 5a 39 7a 43 70 6e 70 41 58 53 4a 41 30 55 53 4e 49 72 25 32 42 54 4b 39 76 35 4e 31 52 62 6b 36 44 35 47 38 58 53 77 79 6e 6a 32 25 32 42 4c 46 68 77 4b 48 4a 44 73 75 58 34 76 37 6e 38 54 6d 4b 54 55 54 4d 74 57 31 7a 75 77 76 25 32 42 25 32 46 76 62 34 62 58 63 4f 4d 54 53 36 5a 51 55 46 68 79 36 52 47 46 56 61 37 55 58 53 78 25 32 42 78 78 55 79 6f 64 36 32 58 79 57 32 56 79 72 59 30 4f 6c 41 50 39 33 6c 67 68 46 71 25 32 42 67 31 33 37 53 6a 73 6a 4a 55 6f 74 49 62 6a 57 73 57 54 50 50 63 37 71 38 64 67 71 38 5a 65 6c 66 56 43 4b 50 4a 4f 66 58 33 50 35 70 38 41 51 25 33 44 25 33 44 26 53 69 67 41 6c 67 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 77 33 2e 6f 72 67 25 32 46 32 30 30 31 25 32 46 30 34 25 32 46 78 6d 6c 64 73 69 67 2d 6d 6f 72 65 25 32 33 72 73 61 2d 73 68 61 32 35 36
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Signature algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
ComponentSpace.SAML2 Verbose: 0 : 10200/9: 05/09/2018 14:48:17: Exception: ComponentSpace.SAML2.Exceptions.SAMLSignatureException: Failed to generate signature ---> System.Security.Cryptography.CryptographicException: Invalid algorithm specified.


And now, there is no redirect after the certificate gets load (see last reply). 

Thanks for your help. 
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
The SAMLSignatureException being thrown should be handled by your application.
We recommend you catch all exceptions, log the error and redirect the user to a generic error page.
Are you saying if SignAuthnRequest is false, you see the Okta login screen?
And, if SignAuthnRequest is true you get the SAMLSignatureException exception?
If so, are you definitely using the correct CSP?
The "CryptographicException: Invalid algorithm specified" indicates the wrong CSP is being used.

Regards
ComponentSpace Development
chshahidkhan
chshahidkhan
New Member
New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)

Group: Awaiting Activation
Posts: 13, Visits: 81
ComponentSpace - 9/10/2018
The SAMLSignatureException being thrown should be handled by your application.
We recommend you catch all exceptions, log the error and redirect the user to a generic error page.
Are you saying if SignAuthnRequest is false, you see the Okta login screen?
And, if SignAuthnRequest is true you get the SAMLSignatureException exception?
If so, are you definitely using the correct CSP?
The "CryptographicException: Invalid algorithm specified" indicates the wrong CSP is being used.

Are you saying if SignAuthnRequest is false, you see the Okta login screen?
Yes,
And, if SignAuthnRequest is true you get the SAMLSignatureException exception?
No exception any more since we corrected the CSP. It just doing nothing after the authentication request and loading the cert. 
This is last thing logged in the SAML trace: 

ComponentSpace.SAML2 Verbose: 0 : 6776/6: 05/09/2018 16:29:22: The X.509 certificate with subject name CN=*.cert, OU=Domain Control Validated and serial number xxxxx has been retrieved from the cache.

Thanks.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Please send the entire log file as an email attachment to [email protected] mentioning your forum post.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 1 query. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search